Forum Discussion

Striker_79_1498's avatar
Striker_79_1498
Icon for Nimbostratus rankNimbostratus
Jun 03, 2014

OTP to SMS and EMAIL on BIG IP APM

Hello,

 

I have an access policy for webmail where i have configured OTP to sms if user is member of a spesific AD group and OTP to email if user is member of another AD group.

 

Is it possible to have BIG IP APM to send OTP to both sms and email if user is member of both group?

 

BIG-IP Access Policy Manager (APM)
security

3 Replies

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Jun 03, 2014

    How do you send out the OTP, using HTTP Auth? If yes, I think you can call twice or can pass extra POST variable.

     

  • Yazan_Khader's avatar
    Yazan_Khader
    Icon for Nimbostratus rankNimbostratus
    Jun 03, 2014

    hi ,

     

    you will need to add an additional branch in the AD Query [if user is member of group-1 AND group-2]

     

    how the OTP will be generated ? you need to have 3rd-party application to generate OTP for AD users [like RSA or mi-token] then F5-APM will send the use's login details to the OTP 3rd-party server as RADIUS authentication [by replacing the raduis password by AD-user-attributes like mobile phone number] . then the OTP server need to have SMS functionality to send the OTP to the SMS-server using HTTP Auth .

     

    APM can't send the OTP to the SMS server , APM will pass the user-details from the login page to OTP server , OTP server will send the OTP to SMS-server .

     

    APM will be able to send simple messages like successfully logged on or login-attempt-failure directly to the SMS server using HTTP Auth .